synacktiv/CVE-2025-47227_CVE-2025-47228

ScriptCase Pre-Authenticated Remote Command Execution exploitation script (CVE-2025-47227, CVE-2025-47228).

CVE History

CVE | Published | CVSS v3 | CVSS v2
7.5 HIGH

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.

6.7 MEDIUM

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.